Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c6841690 by Salvatore Bonaccorso at 2026-05-20T20:38:23+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -278,7 +278,7 @@ CVE-2026-46586 (Improper Control of Generation of Code
('Code Injection'), Impro
CVE-2026-45585 (Microsoft is aware of a security feature bypass vulnerability
in Windo ...)
NOT-FOR-US: Microsoft
CVE-2026-45557 (Technitium DNS Server aggressively tries to fetch missing
RRSIG record ...)
- TODO: check
+ NOT-FOR-US: Technitium DNS Server
CVE-2026-45442 (Missing Authorization vulnerability in Brainstorm Force Presto
Player ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-45434 (Improper Authentication vulnerability in Apache OFBiz via
Password-Cha ...)
@@ -292,21 +292,21 @@ CVE-2026-44392 (Missing authorization vulnerability
exists in Movable Type. Unde
CVE-2026-44159 (Tyler Identity Local (TID-L) uses documented, default
administrative c ...)
TODO: check
CVE-2026-43634 (HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Hestia Control Panel
CVE-2026-43633 (HestiaCP versions 1.9.0 through 1.9.4 contain a
deserialization vulner ...)
- TODO: check
+ NOT-FOR-US: Hestia Control Panel
CVE-2026-42526 (In the AWS Secrets Manager and SSM Parameter Store secrets
backends of ...)
- TODO: check
+ NOT-FOR-US: AWS Secrets Manager
CVE-2026-42100 (Improper Handling of Syntactically Invalid Structure in Sparx
Pro Clou ...)
- TODO: check
+ NOT-FOR-US: Sparx Systems
CVE-2026-42099 (Sparx Pro Cloud Server is vulnerable to a Race Condition in
the /data_ ...)
- TODO: check
+ NOT-FOR-US: Sparx Systems
CVE-2026-42098 (Sparx Enterprise Architect software has a security feature
that limits ...)
- TODO: check
+ NOT-FOR-US: Sparx Systems
CVE-2026-42097 (Sparx Pro Cloud Serverrequires authentication based on
requested URL. ...)
- TODO: check
+ NOT-FOR-US: Sparx Systems
CVE-2026-42096 (Sparx Pro Cloud Server is vulnerable to Broken Access Control
within c ...)
- TODO: check
+ NOT-FOR-US: Sparx Systems
CVE-2026-41919 (Improper Neutralization of Special Elements used in an LDAP
Query ('LD ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-41470 (LIVE555 before 2026.04.22 contains an authorization bypass
vulnerabili ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6841690e3bfec9df4c5814a75dfaa29e726df37
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c6841690e3bfec9df4c5814a75dfaa29e726df37
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
